LEGAL NOTICES

Web publishing

Website edited and published by VINORA Vins Volcaniquesan incorporated nonprofit association created and governed under the French ‘1901’ law,
registered under SIREN code 851 340 703,

851 340 703
and headquartered at the Puy-de-Dôme Chamber of Commerce and Industry, 148 boulevard Lavoisier, 63037 Clermont-Ferrand

France
Director of publication: VINORA Vins VolcaniquesVINORA Vins Volcaniques

Web authoring

Graphic design and layout: Gaïdo, OSMOSE Communication, VINORA Vins Volcaniques,
Web development and integration: Gaïdo
© photos: Pierre Soissons, Shutterstock, Vulcania, Vinidôme
Illustrations : OSMOSE Communication

Hosting

Gaïdo SEO Technologies
5 rue Enrico Fermi
63540 Romagnat
www.gaido.fr

All content of this site is the property of VINORA Vins Volcaniques and is protected by French and international intellectual property code and law. It is strictly forbidden for any person, whether a buyer, a user, or just a visitor to the website, to reproduce any of the website content, in full or in part. Unauthorized reproduction is liable to constitute an infringement of copyright.

Any and all name-valued data recorded on this website will be held and used in full compliance with the EU General Data Protection Regulation 2016/679 on data privacy and transfers of personal data. Users of this website have the right to request access to their personal data, to request rectification of their personal data, and the right to have their personal erased—rights that they can exercise through VINORA Vins Volcaniques.

Privacy policy – GDPR

Purpose

This Privacy Policy is implemented by VINORA Vins Volcaniques, CCI du Puy-de-Dôme, 148 boulevard Lavoisier 63037 Clermont-Ferrand Cedex 1, France, and assigned registration number: 851 340 703 (“the data controller”).

The purpose of this Privacy Policy is to inform visitors to the website pages hosted at www.vinora.vin (“website”) on how the data controller collects and processes data.

As such, this Privacy Policy materializes the data controller’s desire to demonstrate full transparency and act in full compliance with all governing provisions set out in national information privacy legislation and in EU Regulation 2016/679 of 27 April 2016 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” (the “General Data Protection Regulation”).

The data controller is committedly attentive to protecting user privacy and consequently warrants to take all reasonable precautions practicable to protect all personal data collected against loss, theft, disclosure, and unauthorized use.

Here, “personal data” means any and all personal data connected to the user, i.e. any and all information that can be used to directly or indirectly identify a specific natural person.

If you, the user, have any questions or concerns about any of the data practices described below, please email or write to the data controller at the addresses given under the “Contact details” section of this Privacy Policy.

What data do we collect?

The data controller collects and processes the following personal data, per the principles and processes described below:

• your domain name (which is automatically detected by the data controller’s server), including dynamic IP address;

• your email address, if previously communicated to us by the user, typically by sending messages or questions via the website, by emailing the data controller, by logging with authentication to the restricted-access part of the website, etc ;

• all allied information on that web pages that the user pulled up on the website;;

• any other information that users opt to give when communicating with us, typically when responding to surveys and/or signing up to our website services, or after giving identification required to authenticate you when you log in to the restricted-access part of the website.

The data controller may also collect non-personal data, in which case said data is qualified as ‘non-personal’ data as it cannot be used to directly or indirectly identify a specific natural person, and may therefore be freely used by the data controller for any purposes whatsoever, typically to improve our website experience or our products and services, or to make our online advertising more relevant.

Note that if non-personal data is combined with personal data in such a way the subjects of that data are made identifiable, then such data will be handled as personal data until such time as it can no longer be connected to a specific person.

How we collect personal data

The data controller may collect personal data in the following ways


PurposeFinalités du traitement

Personal data may only be collected and processed for the following purposes:

• to manage and control delivery of the services proposed;

• to send you marketing communications about the data controller’s products and services;

• to send you marketing material;

• to answer questions addressed to us by users;

• to inform website statistics and analytics;

• to improve the quality of the website experience and the products and/or services proposed by the data controller;

• to forward information on new products and/or services proposed by the data controller;

• to inform our business development efforts;

• to analyze and better understand the user’s interests and preferences.

The data controller may come to process personal data in other ways not yet addressed in this Privacy Policy, in which case the data controller will contact the user before their personal data gets used, to give the user explicit advance notice of the coming changes and provide the user an opportunity to exercise their right to opt out.

Legitimate interests

Some of the purposes for which the data controller processes user data rely on legal grounds based on the data controller’s legitimate interests. We balance these legitimate interests against the user’s own interests in a way that does not materially impact the user’s rights and freedoms. Users who want to be told more about these purposes where we rely on legal-basis legitimate interests can get in touch with the data controller (please see “Contact details”).

Data retention period

As a rule, the data controller will only retain personal data for as long as reasonably necessary to achieve the purposes it serves, and always in compliance with the governing legal and regulatory requirements.

Personal data pertaining to any customer will be kept for no more than ten (10) years after the end of the contractual relationship between that customer and the data controller.

Once the data retention period expires, the data controller we will make every effort to ensure that the personal data has effectively been made de-identified and deleted.

Exercising your rights

The data controller reserves the right to verify and authenticate the user’s identify before proceeding to execute any and all of the user’s rights set out below.

Such request for further proof of identity from you will be made within one month of receiving the user’s request to exercise their right(s).

Right to access and receive a copy of the personal data we hold about you

You will not have to pay a fee to obtain written notice or a copy of your personal data.

However, for any further copies requested by you, the data controller may charge a reasonable fee based on administrative costs.

If the user files this request by email, then the information will be returned in a common electronic format, unless otherwise specified by the user.

The data controller will process all requests for a copy of personal data within one month, except in the special cases set out in the EU General Data Protection Regulation.

Right to correct the personal data we hold about you

You, the user, have a right to correct your personal data if it is incorrect, inaccurate, or incomplete, within no more than one month, at no fee.

The data controller will process all requests to exercise the right to correction within one month, except in the special cases set out in the EU General Data Protection Regulation.

Right to object to processing of the personal data we hold about you

You, the user, have a right to object to processing of your personal data, on grounds motivated by your own reasons, at any time and free of charge, where:

• the processing is for a task carried out in the public interest or the exercise of official authority vested in the data controller;

• the processing is for the data controller’s legitimate interests (or those of a third party), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child).

Note that the data controller would be able to refuse to exercise this right to object and continue processing your data if the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or if the processing is for the establishment, exercise or defence of legal claims. The user can contest this measure by filing an appeal, per the process given under the “Claims and complaints” section of this Privacy Policy.

You, the user, also have an absolute right to object to processing of your personal data, at any time and free of charge, where the personal data is collected for purposes of direct marketing (which includes profiling).

You, the user, have a right to object to processing of your personal data, on grounds motivated by your own reasons, where your personal data is processed for purposes relating to scientific/historical research or statistics, as provisioned by the EU General Data Protection Regulation, unless the processing is necessary for a task carried out in the public interest.

Except in the special cases set out in the EU General Data Protection Regulation, the data controller is to respond to all related user requests promptly within one month, and set out its reasons in the response if it does not intend to proceed with the request.

Right to restrict processing of the personal data we hold about you

You, the user, have a right to restrict the processing of your personal data:

• where the user has contested the accuracy of personal data held, and only for the time needed by the data controller to verify the data;

• where the processing is unlawful but the user prefers to restrict processing rather than have their data erased;

• where the data controller no longer needs the data for processing purposes but the user requires it to establish, exercise or defend a legal claim;

• for the period in which you, the user, have filed an objection to the processing and the data controller is considering whether its legitimate interests override the user’s interests.

The data controller will notify the user when the restriction is lifted.

Right to erasure of the personal data we hold about you

You, the user, have a right to ask for your personal data to be erased, where:

• your personal data is no longer necessary in relation to the purpose for which it was collected/processed ;

• you withdraw your consent to the processing and there is no overriding legitimate interest to continue processing;;

• you object to the processing and there are no overriding legitimate grounds for the processing and/or you exercise your right to specifically object to processing your personal data for direct marketing purposes (which includes profiling);

• your personal data was unlawfully processed;

• your personal data should be erased to comply with a legal obligation under EU law or EU member-state law governing the data controller; ;

• your personal data is processed in relation to information society services offered to a child.

However, the data controller can refuse to erase your personal data when the processing is necessary:

• for exercising the right of freedom of expression and information ;

•to comply with a legal obligation that requires processing under EU law or EU member-state law governing the data controller, or for the performance of a task of public interest or the exercise of official authority vested in the data controller; ;

• for public-health purposes in the public interest;

• for archiving purposes in the public interest, or for purposes relating to scientific/historical research or statistics, to the extent that exercising the right to erasure would likely make these purposes impossible to near impossible to achieve;;

• where the data has to be processed for the exercise or defence of legal claims..

Except in the special cases set out in the EU General Data Protection Regulation, the data controller is to respond to all related user requests promptly within one month, and set out its reasons in the response if it does not intend to proceed with the request.

Right to portability of the personal data we hold about you

You, the user, have a right to request a machine-readable copy of your personal data in a common format, notably for you to safely transfer your personal data to another data controller:

• where the processing is carried out by automated means; and

•where the processing is based on user consent or the performance of a contract between the user and the data controller..

In exercising this right to data portability, you also have the right to ask the data controller to transfer your personal data to another controller, where technically feasible.

The right to data portability processing does not apply when the purpose of processing is for a task carried out in the public interest or the exercise of official authority vested in the data controller.

Who we share you data with, and disclosure to third parties

The data we collect and process is held by the data controller but also shared with the controller’s collaborators or other providers as well as carefully-selected business partners located in France or in other EU countries who collaborate with the data controller on marketing products or providing services.

Your personal data will not be disclosed to third parties for direct marketing or business development purposes until you have first received explicit advance notice and been given an opportunity to consent to the transfer to third parties.

Where such transfer to third parties is based on user consent, you, the user, can withdraw your consent to use your data for this specific purpose, at any time.

The data controller complies with all appropriate governing legal and regulatory requirements, and will unfailingly ensure that any and all collaborators, partners, providers or other third parties who have access to this personal data equally comply with this Privacy Policy.

The data controller may be compelled to disclose your personal data if obliged to do so by legal order from judicial or national public authorities.

The data controller will never transfer personal data out of the European Union.

Keeping data safe

The data controller implements appropriate technical and organizational controls to safeguard the personal data collected against the risks inherent to processing personal data and the type of personal data collected. The data controller takes appropriate measure of the relevant state of the art and the extent, nature, context and purposes of the processing, the processing costs engaged, and the risks to the rights and freedoms of the user.

The data controller always uses industry-standard IT-platform encryption technologies to transfer or receive data on the website.

The data controller has implemented appropriate technical and organizational controls to protect and safeguard all personal information received on the website against loss, misuse, and/or alteration.

If the personal data held by the data controller should become compromised, then the data controller will take swift and prompt action to identify the cause of the breach and take the appropriate remediation measures.

The data controller will issue the user notice of the incident if and where required by law.

Claims and complaints

If you, the user, have any questions or concerns about any of the data practices described in the Privacy Policy, please contact the data controller directly.

The user can also file any claim or complaint with their home-country’s national data protection authorities, which are listed with their contact details on the official European Commission platform at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Furthermore, the user can also file a complaint to the competent national authorities.

Contact details

Users wishing to address any question, query or claim tied to this Privacy Policy should email

vinoravinsvolcaniques@gmail.com or write to the data controller at CCI du Puy-de-Dôme, 148 boulevard Lavoisier, 63037 Cedex 1, France.

Policy changes

The data controller reserves the right to amend the provisions of this Privacy Policy at any time, at its own discretion. Notice of any and all changes or amendments made will be published directly on the data controller’s website.

Governing law and choice of forum

This Privacy Policy is governed by the national law of the data controller’s registered office.

Any dispute arising out of or in connection with interpretation or performance of this Privacy Policy Privacy shall be settled by arbitration per this same national law.

This most recent version of this Privacy Policy is dated 24th September 2019.